package org.spiderflow.configuration;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;

/**
 * WEB 安全配置
 *
 * @author tdx.lq
 * @since 2021-04-24 20:38
 */
@Configuration
public class WebSecurityConfiguration
        extends WebSecurityConfigurerAdapter implements WebMvcConfigurer {

    @Value("${spring.security.enable:false}")
    private boolean enable;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        if(!enable) {
            http.authorizeRequests()
                    .anyRequest()
                    .permitAll()
                    .and()
                    .headers()
                    .frameOptions()
                    .disable()
                    .and()
                    .csrf()
                    .disable()
                    .logout()
                    .permitAll();
        } else {
            http.authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                    .headers()
                    .frameOptions()
                    .disable()
                    .and()
                    .csrf()
                    .disable()
                    .httpBasic();
        }
    }
}
